System and Method for Enabling Device Dependent Rights Protection

ABSTRACT

A system and method for enhancing the protection of digital properties while also increasing the flexibility of distribution of the digital properties. In one embodiment, the digital property is protected through the binding of at least one unique client device identifier with the digital property prior to distribution. Decryption at a client device would therefore be dependent on a comparison of the unique client device identifier that is extracted from the encrypted digital property with a unique client device identifier of the device that is seeking to access the digital property.

This application is a continuation of non-provisional patent applicationSer. No. 13/041,643, filed Mar. 7, 2011, which is a continuation ofnon-provisional patent application Ser. No. 10/899,081, filed Jun. 7,2004 (now U.S. Pat. No. 7,908,477). Each of the above-identifiedapplications is incorporated by reference herein, in its entirety, forall purposes.

BACKGROUND

1. Field of the Invention

The present invention relates generally to prevention of unauthorizedaccess to electronic data by restricting the ability to access desiredcontent. In particular, the invention provides a system and methodwhereby electronic content can be securely transmitted over a network bybinding the content to unique identifiers associated with a plurality ofclient-owned devices, and restricting access to the content to onlythose devices.

2. Introduction

In recent years there has been an exponential growth of the Internet,coupled with advances in technology resulting in software programs,music, books, video games, even full-length movies, becoming availablein high-quality, easily reproducible and easily transmitted digitalformats. This has resulted in both unparalleled marketing opportunitiesand major challenges for manufacturers and distributors of these digitalproperties. The same factors that make these digital propertiesattractive to market, purchase and distribute also make them easy preyfor pirates to steal and either sell or give away, resulting in hugelosses in revenue for developers and distributors of these digitalproperties.

This dilemma has resulted in a series of defensive maneuvers to thwartthe pirates, who have just as aggressively sought ways to continue doingwhat they do. None of the efforts so far have been completely successfulin protecting the rights of intellectual property owners. There stillremains a need for a simple and secure method for developers anddistributors of electronically-based material to be able to market anddistribute their products over the Internet and other networks in amanner that enables them to take advantage of the huge potential thesedistribution media offer and to provide easy access to authorizedbuyers, while still protecting their intellectual property from illegalaccess and distribution.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to describe the manner in which the above-recited and otheradvantages and features of the invention can be obtained, a moreparticular description of the invention briefly described above will berendered by reference to specific embodiments thereof which areillustrated in the appended drawings. Understanding that these drawingsdepict only typical embodiments of the invention and are not thereforeto be considered limiting of its scope, the invention will be describedand explained with additional specificity and detail through the use ofthe accompanying drawings in which:

FIG. 1 Illustrates a computer network environment that includes a clientwho desires content, a content provider and a network through which theycan communicate.

FIG. 2 is a flow chart of a process whereby unique client deviceidentifiers are retrieved and used to create a device identifier tableat a server.

FIG. 3 is a flow chart of a process whereby a decision is made to grantor deny access by a client to encrypted desired content on the basis ofa unique identifier of a device owned by the client.

FIG. 4 is a data flow of an example implementation of a process wherebyunique client device identifiers are retrieved and used to create adevice identifier table at the content provider server.

DETAILED DESCRIPTION

Various embodiments of the invention are discussed in detail below.While specific implementations are discussed, it should be understoodthat this is done for illustration purposes only. A person skilled inthe relevant art will recognize that other components and configurationsmay be used without parting from the spirit and scope of the invention.

Addressing the critical need of safely transmitting valuableintellectual property over networks, including the Internet, should alsoconsider the ease of granting access to the digital property byauthorized purchasers who often possess a plurality of playback devices.It is a feature of the present invention that a client seeking to playdesired content on a plurality of devices can be easily grantedauthorization to do so, while also preventing unauthorized access byanyone not in possession of one of the specific set of client devices.

FIG. 1 illustrates an embodiment of the present invention, with a client120 communicating with a content provider 110 through a network 130. Invarious embodiments, the network can include a wide area network (WAN)such as the Internet, a local area network (LAN) or a combination of thetwo. Client 120 is generally operative to communicate with contentprovider 110 to identify and obtain digital properties.

In the illustrated embodiment, content provider 110 includes a server112 used to receive and transmit data with clients 120, and a storagedevice 114 containing a database used to store content available to bepurchased and downloaded by clients 120. As illustrated, client 120includes at least one client parent device 124, and a plurality ofclient child devices 121, 122, 123. In one embodiment, client parentdevice 124 represents a processing device such as a personal computer(PC), set top box (STB), or other audio/video device (e.g., mobilephone, personal digital assistant) that can communicate with server 112,while client child devices can represent a storage device or otherdevice that can receive data that is retrieved by client parent device124. Each client device 121, 122, 123, 124 can include one or moreunique device identifiers that can be retrieved electronically and whichprecisely identify the device.

As noted, the client 120 may include one or more of a class of devicessuch as a PC, STB, other audio/video devices (or any network-readydevice), a storage device, a portable music/video player, a personaldigital assistant, a portable phone, or any of a number of devicescapable of accessing electronic files. Furthermore, a plurality ofclient storage devices 121, 122, 123 that are usable by client parentdevice 124 may include a hard disk drive, a removable disk (such as acompact disk (CD)), digital versatile disk (DVD), floppy disk, ZIP disk,flash cards) or other media, each of which also possesses one or moreunique identifiers that are retrievable by electronic means and whichare ideally non-erasable and non-changeable. In one example, a uniqueidentifier associated with each one of a plurality of storage devicescomprises one or more of the following: product ID number, serial numberor product revision number.

Referring again to FIG. 1, the content provider 112 includes a server112 and at least one content database 114. In one embodiment, the server112 is a Sun J2EE Web Server. However, any server that can operate in aweb environment could be used. Since the content transmitted to client120 is to be protected, all content transmitted over the network 130 isencrypted. In one embodiment, encryption is performed before the contentis stored in the content database 112, thereby reducing the processingtime during client transactions. In an alternative embodiment,encryption of the content is performed during a transaction when thecontent is being requested by client 120.

In the environment of FIG. 1, various solutions have sought to identifymechanisms by which digital content can be transmitted to a clientdevice for playback or use only on that client device. This limitationis a natural consequence of the desire to limit the distribution of thedigital content by the various clients. In accordance with the presentinvention, protected content can be transmitted to a client for use by aplurality of client devices. In this process, a plurality of uniqueclient device identifiers are bound to the digital content. In oneembodiment, a device identifier table is used to store the unique deviceidentifiers associated with a respective plurality of client devices121, 122, 123, 124. This feature of the present invention is highlydesirable, since most clients seeking content now possess multipledevices suitable for playback of digital content. This and otherfeatures of the present invention are described in greater detail in thecontext of FIG. 2.

FIG. 2 is a flowchart showing the process in an embodiment of theinvention wherein a client identifies and requests desired content, andthen receives it in encrypted form. The process begins, at step 202,with a client 120 identifying desired content located in a contentdatabase 114 at the server 112 of a content provider 110. At step 204,one or more unique client device identifiers associated with arespective plurality of client devices 121, 122, 123, 124 are retrieved.For example, in one scenario the unique identifier for a PC hard diskdrive could include the product ID number and the serial number for thehard drive (or possibly even the PC itself). In another example, theunique identifier for a portable music player could include the serialnumber of the player and a product revision number. Next, at step 206,the retrieved unique client device identifiers are encrypted andtransmitted over the network 130 from client 120 to the server 112 ofthe content provider 110.

It is a feature of the present invention that the content provider 110can bind a plurality of device identifiers with a single piece ofprotected content to thereby enable a plurality of devices to access theprotected content. In one embodiment, this feature of the presentinvention is enabled through the creation of a device identifier tableat step 208. In this process, the plurality of device identifiersreceived from client 120 are stored in memory for later retrieval duringthe content file creation process. These device identifiers give thecontent provider 110 information by which he can accurately identify aplurality of devices and/or storage media which the client 120 wouldutilize in seeking access to the desired content. At step 210, thedesired content is bound to this device identifier table to create acontent file that includes information suitable for restricting accessto desired content to only those devices represented in the deviceidentifier table.

In one embodiment, the desired content can also be bound to a timestamp(in addition or in place of the device identifier table) that is used tolimit the time duration during which the content can be accessed byclient device(s). For example, a timestamp can be bound to the contentthat specifies that a particular movie file can be viewed for a three orfive day time period in a similar manner to a conventional movie rental.In this embodiment, access to the content can be conditioned on acomparison of a current time to the timestamp. In one embodiment, thecurrent time is retrieved from a network source to thereby preventtampering with the time readings at a local device.

The file created in step 210, which includes pre-encrypted contentcombined with the device identifier table, is then transmitted to theclient 120 at step 212 where a determination is made to grant or denyaccess to the desired content. In one example, all content that is to bemade available to be purchased and downloaded is pre-encoded and storedin a content database 114. In one embodiment, the retrieved deviceidentifiers, which are received in encrypted form from the client, canbe bound to the pre-encrypted content in step 210 in a way that couldfacilitate processing time. For example, the encryption key that is usedto encrypt the device identifier table can also be used to encrypt thekey that was used to pre-encrypt the content. In this manner, access tothe device identifier table and the content can be obtained using asingle encryption key. In another example, security is improved by usingtwo different encryption keys to encrypt the device identifier table andthe content. In an alternate embodiment, content is stored inunencrypted form. Here, the content and the device identifier tablewould both be encrypted when the content is requested by the client 120.

FIG. 3 is a flowchart illustrating the process where the encryptedcontent received from the content provider 110 is accessed by the client120. This process begins at step 302 where the encrypted content file isretrieved. At step 304, the device identifier table is extracted fromthe encrypted content file. In one embodiment, only the deviceidentifier portion of the encrypted content file is decrypted initially.Next, at step 306, the unique client identifier of the client device onwhich the content is to be played is compared to the list of uniqueclient identifiers included in the extracted device identifier table. Inone embodiment, the same function used to retrieve the unique deviceidentifiers at step 204 of FIG. 2 is used to retrieve the unique deviceidentifier of the current device.

At step 308, a determination is made as to whether the device identifierof the client device on which the content is to be played is includedamongst the set of one or more device identifiers included in the deviceidentifier table. If the client device identifier is not included in thedevice identifier table, a match does not result and playback of theprotected content is denied, ending the process. If the client deviceidentifier is included in the device identifier table, the client devicerepresents an authorized device and a match results. The process wouldthen continue at step 310 where the downloaded encrypted content isdecrypted. Finally, at step 312, the content is made available forplayback.

The benefit of the present method of authorizing access to multipleclient devices is readily apparent. By retrieving identifiers from aplurality of client devices, storing them in memory at the contentprovider server, and then binding the complete device identifier tableto the desired content, a mechanism is provided for granting access toany of a plurality of legitimate devices the client may wish to use forplayback.

Having described a general framework for controlling access to digitalcontent, a description of a detailed embodiment of protected contentdistribution is now described with reference to FIG. 4. FIG. 4illustrates a more detailed data flow for an embodiment of the processevents illustrated generally in FIG. 2, notably where a client 120 seeksand acquires encrypted content from a content provider 110. It should benoted that the detailed data flow of FIG. 4 is directed to a particularPC computing environment. This description is not meant to be limitingas the concepts of the present invention can be applied to othercomputing environments as would be apparent.

In the data flow illustrated in FIG. 4, the process begins at step 402with a user initiating contact with a content provider server. In oneembodiment, this contact is enabled through standard web browserfunctionality that enables a user to navigate to a particular web pageon a content provider web site. Once the user has navigated to thecontent provider web page, the content provider server would download,at step 404, a JAVA applet (DDRPDemo.jar) to the client machine, whichwould execute the applet within the browser of the client machine. Uponexecution of the applet within the browser of the client machine, anauthentication confirmation user interface element (e.g., an OK button)would be enabled within the browser window at step 406. A user wouldthen choose a content file from a selection menu, and request thecontent file by providing the authentication confirmation (e.g.,clicking the OK button) at step 408.

One of the functions of the applet is to download a file resident on theclient provider server and to place that downloaded file in an arbitrarydirectory in the client machine. This file will be decoded anddecompressed to produce the file diskid32.exe for execution by theclient machine. This program, when executed, is designed to retrieve thedevice identifier for one or more client devices and is deleted as soonas the device identifier retrieval process finishes.

Prior to retrieving the device identifier(s), the applet would alsorequest an approval from the user at step 410. Once the user providesthe requested approval (e.g., clicking an OK button), the diskid32.exeprogram would proceed to retrieve the device identifier(s).

In general, PC, STB and other audio/video devices (e.g., mobile phonewith audio or video playback capability, electronic book, or the like)on which digital formatted files can be played are equipped with storagedevices such as a hard disk drive and a removable disk (e.g., CD andDVD). Typically, each storage device has its own reference number (e.g.,the combination of vendor, product number, serial number, productrevision number and other information from the device's read only memory(ROM)) that is allotted by the hardware vendor.

The diskid32.exe program is designed to retrieve the components of adefined reference number. In one embodiment, the diskid32.exe programrepresents an altered version of the freeware program DiskId32 writtenin C++, which operates on all Windows platforms with the followingfunctions:

-   ReadPhysicalDriveInNTWithAdminRights( );-   ReadIdeDriveAsScsiDriveInNT( );-   ReadPhysicalDriveInNTWithZeroRights( );-   ReadDrivePortsInWin9X( );

Once the device identifier(s) are retrieved, the device identifier(s)along with the identification of the content to be retrieved are thentransmitted to the content provider server at step 412. In oneembodiment, the JSObject class is used in the applet so thatcommunication between applet and JavaScript can be performed by postingthrough the html form. As a result, the device identifier(s) acquired bydiskid32.exe can be sent to the content provider server throughJavaScript.

Since the unique device identifier(s) will be exchanged over network 130(e.g., the Internet), an encoding/encryption technique is implementedbecause of security. Consequently, some code for encoding/encryption isincorporated in an encryption module that is accessible to thediskid32.exe program.

In one embodiment, encoding/encryption for content such as a multi-mediafile is carried out by a command line program by use of a COM componentencryption software package such as axsStrongBox by Morello PublishingLtd. In this embodiment, the following settings can be used forencryption: GZIP Compression, Rijndael Algorithm (private key −256 bit),Base64 Encoding, CBC mode, and PKCS7 Padding. Since these settings areset up as parameters, these settings can be changed flexibly. As for thekey, an arbitrary 32 byte seed can be hardcoded within the program thatis used to access the protected file.

After the client device identifiers and content identification arereceived at the content provider server, the content provider server canthen proceed to generate the protected content file. In one embodiment,the set of device identifiers is placed in a device identifier table andencrypted. This encrypted device identifier table can then be mergedwith the encrypted content (optionally pre-encrypted) requested by theclient to produce a protected content file.

In one embodiment, this function is accomplished by a JAVA servlet(j2ee_DDRPDemo.class), which is executed at the content provider server.This file protection process creates a protected content file by bindingthe desired content requested by the client to unique identifiers of aplurality of client devices to be utilized for playback. As would beappreciated, the specific method by which the device identifiers arebound to the content is implementation dependent.

At step 414, the servlet displays at the client browser a confirmationelement (e.g., OK button) that allows the user to initiate the downloadof the requested content. After the download is requested by the useraffirmation (e.g., clicking the OK button) at step 416, the protectedcontent file (.ddrp file) is downloaded at step 418 to the client devicewhere it will be tested to grant or deny access to the content.

Here, it should be noted that the corresponding decryption moduleaccessed by the client device can be embodied as a Windows command lineprogram which reproduces a file playable on the appropriate applicationfrom a file that has been downloaded from the content provider server.As noted in FIG. 3, if the actual device identifier of the machine andthe device identifier bound to the content file matches, the contentwill be restored with decoding/decryption performed. It should be notedthat although some content is output to a file when actually using itwithin an application, the content should be processed in memory and feddirectly to the reproducing software. This process ensures that theunencrypted content is never left as a reproducible file on disk.

In an alternative embodiment, the protected content file can also bestored in some media (e.g., CD, DVD, or the like) at the server site anddelivered to the user as a physical package.

Although the above description may contain specific details, they shouldnot be construed as limiting the claims in any way. Other configurationsof the described embodiments of the invention are part of the scope ofthis invention. Accordingly, the appended claims and their legalequivalents only should define the invention, rather than any specificexamples given.

1. A method, comprising: binding, using an encryption key, a deviceidentifier table with content to create a protected content file, saiddevice identifier table including a plurality of unique identifiers thatcorrespond to a plurality of client devices; and transmitting saidprotected content file to said user, wherein access to said content insaid protected content file is based on a determination of whether anidentifier associated with a client device used in an access transactionis included among said plurality of unique identifiers in said deviceidentifier table of said protected content file.
 2. The method asrecited in claim 1, wherein said plurality of client devices include twoor more of a storage device, a personal computer, a set top box, and anaudio/video device.
 3. The method as recited in claim 1, wherein saididentifier associated with said client device used in said accesstransaction is a product ID number.
 4. The method as recited in claim 1,wherein said identifier associated with said client device used in saidaccess transaction is a serial number.
 5. The method as recited in claim1, wherein said identifier associated with said client device used insaid access transaction is a product revision number.
 6. The method asrecited in claim 1, wherein said identifier associated with said clientdevice used in said access transaction is a combination of two or moreof a serial number, product revision number, or product ID number. 7.The method as recited in claim 1, wherein said binding comprisesencrypting the protected content file.
 8. A method, comprising: binding,using an encryption key, a device identifier table that includes aplurality of unique identifiers of a plurality of client devices withcontent to create a protected content file; and sending a portable mediathat contains said protected content file to a user, wherein access tosaid protected content file on said portable media is based on adetermination of whether an identifier associated with a client deviceused for said access is included in said device identifier table of saidprotected content file.
 9. The method as recited in claim 8, whereinsaid plurality of client devices include two or more of a storagedevice, a personal computer, a set top box, and an audio/video device.10. The method as recited in claim 8, wherein said identifier associatedwith said client device used for said access is a product ID number. 11.The method as recited in claim 8, wherein said identifier associatedwith said client device used for said access is a serial number.
 12. Themethod as recited in claim 8, wherein said identifier associated withsaid client device used for said access is a product revision number.13. The method as recited in claim 8, wherein said identifier associatedwith said client device used for said access is a combination of two ormore of a serial number, product revision number, or product ID number.14. The method as recited in claim 8, wherein said binding comprisesencrypting the protected content file.
 15. A method, comprising:receiving a protected content file in a client device, said receivedprotected content file having a device identifier table that is bound tocontent using an encryption key, said device identifier table includinga plurality of unique identifiers; and accessing, via said clientdevice, said content in said protected content file, said accessingincluding a determination that an identifier associated with a contentaccessing device is included among said plurality of unique identifiersin said device identifier table of said protected content file.
 16. Themethod as recited in claim 15, wherein said plurality of uniqueidentifier are associated with a plurality of client devices thatinclude two or more of a storage device, a personal computer, a set topbox, and an audio/video device.
 17. The method as recited in claim 15,wherein one of said plurality of unique identifiers is a product IDnumber.
 18. The method as recited in claim 15, wherein one of saidplurality of unique identifiers is a serial number.
 19. The method asrecited in claim 15, wherein one of said plurality of unique identifiersis a product revision number.
 20. The method as recited in claim 15,wherein one of said plurality of unique identifiers is a combination oftwo or more of a serial number, product revision number, or product IDnumber.